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(54) Abstract Title 

Connection of a mobile wireless terminal to a host computer 

,57> A connection is established between a wireless mobile terminal and a host computer via a '^ mobile 
communication network. A connection establishment request, wh.ch may be encrypted, .s sent from the 
ST th e host computer. If the information sent in the request is verified, a response .s sent back to the 
mobile o establish the connection. The encrypted data may be different each time a connect.on request is 
maoe and ma Include the time the cal. is made. A hash value may be generated using the encryption data, a 
random "number generator initialised depending on the hash value, and a random number generated from the 
time information. 
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The present invention generally relates to a method of establishing a 
connection between a wireless mobile terminal and a host computer in a wireless 
mobile communications system, and to such a wireless mobile communication system, 
a wireless mobile terminal, a host computer and also encryption and decryption 
methods in such a wireless mobile communication system, and in particular to an 
access method which provides a mobile terminal with access to a host computer of the 
mobile terminal through the mobile communications. 

In radio mobile communications, a plurality of data exchanges are needed for 
establishing.connection between a mobile terminal and a connection control station. 
To achieve rapid connection establishment, there has been proposed a call connection 
procedure in Japanese Patent Unexamined Publication No 4-23527. More specifically, 
when calling, the mobile terminal transmits a calling signal conveying a source ID 
(identification) number, a destination ID number, and additional information to the 
connection control, the following processes are performed concurrently: a subscriber 
information check using the source ID number, an additional information check, and 
a connection process of a switching system. Only when all responses to the checks 



and the 



connection process are af f irmatlve , the connection between the 
mobile terminal and the connection control station is established. 

An authentication method using secret-key encryption has 
been proposed in Japanese Patent Unexamined Publication No . 
5-183507 . An ID center transmits random data as an authentication 
request signal to a mobile terminal. At the mobile terminal, the 
received random data and a secret key input by the subscriber are 
used to produce encrypted data. The encrypted data is transmitted 
as an authentication response signal to the ID center. At the 
ID center, the random data and a registered secret key are used 
to produce encrypted data which is compared with the received 
encrypted data from the mobile terminal. If the produced 
encrypted data is coincident with the received one, the 
authentication check Is affirmative. 

Similarly, a radio telephone service access method using 
secret-key encryption has been proposed in Japanese Patent 
Unexamined Publication No. 4-2333341. 

In the case of a host access system in which a mobile terminal 
obtains access to a host computer through the mobile communication 
system, however, the conventional technique described above falls 
to provide both sufficiently rapid connection establishment and 
sufficient security of private information. In the connection 
control procedure where a calling signal conveying a source ID 
number, a destination ID number and additional information is 
transmitted to the connection control station, after all the 
necessary check processes have been completed in the mobile 



svstem the connection between the mobile terminal and the host 

luring -l the access CeC processes in ,he mottle —carron system. 

to *e conventional anamination methods using secre«-*ey cncxypuon a 
plura li,y of data Changes are needed for connection esrahlishmen, ^ » 
:U and a conneciion con.ro, srarion. Therefore, i, is very difficuU ,0 shorten ,he 
time required for connection establishment. . c m 

In objec, of a, ieas, rhe preferred embodimen, o, rhe presen, rnvennon ,s , 
pro vide a nrernod and sysrem which can effecrive.y perform connecrion esrabUshmen, 

" ' Sh l!Ter such objec, is ,0 provide a merhod which can achieve rapid connecrion 

establishment with data security. 

to a fixs. aspec, .he presen. inven.ion prov.des a me.hod of es.abhshrng a 
connecrion between a wire.ess nrobUe renninal and a hos. computer in a — 
mobil e communications system, comprising .he s.eps of a, .he wue e^ mo*, 
renninal, producing a connection es.abUshn.en. re q ues. s.gna, tnCud, g M 
„ion whrch is required ro obrain services from .he hos. compmer - 
fining rhe connecrion es.bHshn.en, reques, signa, ,0 rhe £ 
tat conrpurer receiving .he connection establishnren. reques, s.gna, from the wrre ess 
m obi,e Lina,, verifying the M infomration included in ,he — - 
est abUsbmen« re q ues, signa, received, and rransmming a response s.gna, bacMo the 
M mobile .ennina, «o esrahiish ,he connedon between the wrreiess mobtle 
renninai and .he hos, conrputer only when the firs, information has been venfied. 

According ,0 the above, when es,ab,ishing a connection between a w.reless 
mobi,e rennina, and a hos, comparer in a wfre.ess mob„e communications sys,em rhe 
Less mobi.e .ermina, produces a connection es,a bl ishnre„, reques, s.gna, ,nc,u nr 
« .nformarioo which is required .0 ob,ain services from ,he hos. conrputer and hen 
Rasmus ,he connecrion es,ab,isbmen, reques. signa, ,o .he hos. conrpu.er. When 



receiving the connection establishment request signal from the 
wireless mobile terminal, the host computer verifies the first 
information included in the connection establishment request 
signal received, and transmits a response signal back to the 
wireless mobile terminal only when the first information has been 
verified. This causes the connection to be established between 
the wireless mobile terminal and the host computer. 

The wireless mobile terminal may encrypt the first 
information into encrypted data according to a predetermined 
encryption scheme and produce the connection establishment 
request signal which includes the encrypted data in place of the 
first information. Similarly, the host computer may decrypt the 
encrypted data included in the connection establishment request 
signal received into the first information according to the 
predetermined encryption scheme and verify the first Information. 

The first information may be encrypted into different 
encrypted data each time the connection establishment request 
signal is transmitted. 



The present invention also provides a wireless mobile communications system 
comprising a plurality of wireless mobile terminals, a plurality of wireless base 
stations and a host computer, wherein a connection is established between a wireless 
m obile terminal and a host computer through a wireless base station, the wneless 
m obile terminal comprising a wireless transceiver for communicating with the wxreless 
base station, and a terminal processor for producing a connection establishment request 
signal including first information which is required to obtain services from the host 
computer and controlling the wireless transceiver such that the connects 
establishment request signal is transmitted to the host computer, and the host computer 
comprising a transceiver connected to a switched network and a host processor for 
verifying the first information included in the connection establishment request signal 
received from the wireless mobile terminal and controlling the transceiver such that 
a response signal is transmitted back to the wireless mobile terminal to establish the 
connection between the wireless mobile terminal and the host computer only when the 
first information has been verified. 

The present invention extends to a wireless mobile terminal for establishing a 
connection with a host computer connected to a stationary network system through a 
wireless mobile communications system, comprising a wireless transceiver for 
communicating with a nearby wireless base station of the wireless mobile 
communications system, and a processor for producing a connection establishment 
request signal including first information which is required to obtain services from the 
host computer, encrypting the first information into encrypted data according to a 
predetermined encryption scheme, and controlling the wireless transceiver such that 
the connection establishment request signal including the encrypted data in place of 
the first information is transmitted to the host computer, wherein the connects » 
established between the wireless mobile terminal and the host computer when a 
response signal to the connection establishment request signal is received from the 
host computer. 

Tie present invention also extends to a host computer connected to a stafonary 
switched network which is in ham connected to a wireless mobile communicates 
system compnsing a transceiver connected to the stationary swirched network, the 




transceiver receiving a connection establishment request signal from a wireless mobile 
terminal, the connection establishment request signal including encrypted data which 
is obtained by encrypting first information according to a predetermined encryption 
5 scheme, the first information being required to obtain services from the host computer, 
and a processor for decrypting the encrypted data included in the connection 
establishment request signal received into the first information according to the 
predetermined encryption scheme, verifying the first information included in the 
connection establishment request signal, and controlling the transceiver such that a 

10 response signal is transmitted back to the wireless mobile terminal to establish the 
connection between the wireless mobile terminal and the host computer only when the 
first information has been verified. 

In another aspect, the present invention provides a method of encrypting a part 
of a transmission signal in a wireless mobile communications system, comprising the 

15 steps of producing a transmission signal including first information to be encrypted, 
encryption information, and time information which indicates when the transmission 
signal is transmitted, generating a random number based on the encryption information 
and the time information, converting the random number to an encryption address 
value having a predetermined number of digits, reading an encryption value from an 

20 encryption table depending on the encryption address value, and encrypting the first 
information by combining the encryption value and the first information. 

In yet another aspect, the present invention provides a method of decrypting 
a part of a reception signal in a wireless mobile communications system comprising 
the steps of receiving a reception signal including encrypted data to be decrypted, 

25 encryption information, and time information which indicates when the reception 
signal is transmitted at a transmitting side, generating a random number based on the 
encryption information and the time information, converting the random number to an 
encryption address value having a predetermined number of digits, reading an 
encryption value from an encryption table depending on the encryption address value, 

30 and decrypting the encrypted data by combining the encryption value and the 
encrypted data. 

Preferred features of the present invention will now be described, purely by 
way of example only, with reference to the accompanying drawings, in which:- 

Fig. 1 is a schematic block diagram showing the configuration of a network 
35 system implementing an access method; 



Fig 2 is a block diagram showing the schematic internal 
circuit of a mobile terminal in the network system of Fig. ls 

Fig. 3 is a block diagram showing the schematic internal 
circuit of a host computer in the network system of Fig. 1; 

Fig. 4 is a diagram showing a sequence for connection 
establishment ; 

Fig- 5 is a diagram showing the signal format of a calling 
signal from a mobile terminal; 

Fig- 6 is a diagram showing an operation of an encryption 

and 



process ; 

Fig- 
process.. 



7 is a diagram showing an operation of a decryption 



Referring to Fig. 1. a plurality of mobile terminals each 
labeled MT are possessed by registered subscribers . respectively - 
A plurality of base stations each labeled BS form radio zones, 
respectively. Each base station can communicate with each mobile 
terminal located therein through a radio channel. The base 
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stations are connected to a mobile switching system 10 which is 
further connected to an ID center 11 and a stationary switched 
network 12 such as public switched telephone network. 

A host computer 14 is connected to the stationary switched 
network 12 through a modem 13 or a set of digital service unit 
(DSU) and a terminal adapter (TA). Assuming that a mobile 
terminal MT is registered as a subscriber to the host computer 
14, the mobile terminal MT can access to the host computer 14 
through the mobile switching system 10 and the stationary switched 
network 12 according to an access procedure as will be described 
later. 

Referring to Fig. 2, each mobile terminal MT is provided 
_ with a radio system 101 which receives and transmits a radio signal 
from and to a nearby base station through an antenna. The mobile 
terminal MT is further provided with a processor 103 -performs the 
operation control of the mobile terminal. The processor 103 
performs encryption/decryption processing using a random number 
generator 104 and an encryption table 105 to encrypt a 
predetermined part of transmission data and to decrypt received 
data. The operation control of the mobile terminal is performed 
using a ROM 106 and a RAM 107. The ROM 106 stores necessary 
programs and the subscriber ID number which was uniquely assigned 
to the mobile terminal MT . In the case of a mobile telephone, 
a speaLker, a microphone, a display, and a keypad are further 
provided as a user interface. 

Referring to Fig. 3, the host computer 14 is provided with 
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a processor 201 which perforins encryption /decryption processing 
using a random number generator 202 and an encryption table 203 
to decrypt a predetermined part of received data from the mobile 
terminal MT and to encrypt transmission data. The random number 
generator 202 and the encryption table 203 are the same as those 
of the mobile terminal MT. The processor 201 performs the 
operation control of the authentication procedure using a database 
204 which stores terminal data, subscriber data and other 
necessary data for authentication and connection establishment. 

ACCESS SEQUENCE 
Referring to Fig. 4, in the case where the mobile terminal 
MT is located In the radio zone of the nearby base station BS and 
requests connection establishment to the host computer 14. the 
processor 103 of the mobile terminal MT_produces a connection 
15 establishment request signal conveying necessary information for 
communication with the host computer 14 as shown in Fig. 5. The 
necessary Information includes subscriber name information, 
authentication information, encryption information and an access 
code as will be described in detail. A predetermined part of the 
20 connection establishment request signal is encrypted by the 
processor 103 using the random number generator 104 and the 
encryption table 105 and then the connection establishment request 
signal conveying encrypted data is transmitted to the nearby base 
station BS through a predetermined radio channel (step S301). 
25 When receiving the connection establishment request signal 

from the mobile terminal MT, the base station BS transfers it to 
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the mobile switching system 10 (step S302). If it is determined 
that the mobile terminal MT is a subscriber of the mobile 
communications system by the ID center 11 checking the ID number 
conveyed by the connection establishment request signal, the 
connection establishment request signal is transmitted to the 
stationary switched network 12. According to the destination ID 
number included in the connection establishment request signal, 
the stationary switched network 12 transfers it to the host 
computer 14 (step S303). 

Vftien receiving the connection establishment request signal 
including the encrypted data from the mobile terminal MT through 
the stationary switched network 12, the processor 201 of the host 
computer 14 decrypts the encrypted data and transfers the 
decrypted data to the processor 201. The processor 201 verifies 
the subscriber name information and the authentication 
Information by referring to the database 204. 

Only when the subscriber name Information and the 
authentication information have been verified, the processor 201 
produces a response to the connection establishment request and 
transmits it to the mobile switching system 10 through the 
stationary switched network 12 (step S304). The response is 
transferred from the mobile switching system 10 to the base station 
BS (step S305) and is further transferred from the base station 
BS to the mobile terminal MT through a radio channel (step S306) . 

In this manner, the connection between the mobile terminal 
MT and the host computer 14 is established and the mobile terminal 
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MT can transmit data to the host computer 14 through the 
established connection (step S307). Since the necessary 
information is transmitted to the host computer 14 and the response 
to the connection establishment request is transmitted back to 
the mobile terminal MT when the necessary information has been 
verified, the connection can be established by only one data 
transmission -reception between the mobile terminal MT and the host 
computer 14. Therefore, the connection establishment is 
effectively performed at a short time. Further, only one data 
transmission-reception causes the reduced possibility that the 
connection fails to be established due to radio channel impairment 
conditions . 

CONNECTION ESTABLISHMENT REQUEST SIGNAL 
Referring to Fig. 5, the connection establishment request 
15 signal conveys the following information: connection 

establishment information 401. source ID number 402, destination 
ID number 403, radio system ID number 404, time data 405, 
encryption information 406, access code 407 .. subscriber name 
information 408 and authentication information 409. The source 
20 ID number 402 is the identification number of the mobile terminal 
MT and the destination ID number Is the subscriber number of the 

host computer 14. 

The tUne data 405 Indicates the time of day when the mobile 
terminal. MT maXes a call. In this embodiment, the time data 405 
25 indicates the minute of the time of day. The access code 407 is 
used to identify the access means and the type of the mobile 



terminal MT. More specifically, according to the access code 407 
conveyed by the connection establishment request signal, the host 
computer 14 changes the connection establishment process to the 
procedure corresponding to the mobile terminal MT. The 
subscriber name information 408 is the ID number of the subscriber 
which possesses the mobile terminal MT, 

To protect against tapping, a set of the access code 407, 
the subscriber name information 408 and the authentication 
information 409 (called ASA data, hereinafter) is encrypted and 
transmitted as will be described hereinafter. 

ENCRYPTION 

As shown in Fig. 6, the processor 103 of the mobile terminal 
MT reads the encryption information 406 (here, value E) and the 
time (minute) data 405 (here, value T) from the connection 
establishment request signal. The processor 103 calculates a 
Hash value H from the value E using the Hash function: H = f (E) 
(step S501) . 

The processor 103 initializes the random number generator 
104 according to the Hash value H and then obtains a random number 
RN T from the random number generator 104 according to the value 
T of the time (minute) data 405 (step S502). Further, the 
processor 103 converts the random number RN T to a number R^. ranging 
from 0 to 255 by dividing the random number RN T by 256 to obtain 
the reminder R,. thereof (step S503). 

Subsequently, the processor 103 reads encryption value E T 

from the location of the encryption table 105 which is addressed 
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with the reminder R*. Finally, the processor 103 exclusive-ORs 
the encryption value S T and the ASA data of the access code 407. 
the subscriber name information 408 and the authentication 
information 409 to produce encrypted data 410 (S505). In this 
manner, the processor 103 produces the connection establishment 
request signal including the encrypted data 410 which is to be 

transmitted to the host computer 14. 

DECRYPTION 

As shown in Fig. 7, when receiving the connection 
establishment request signal including the encrypted data 4 10 from 
the mobile terminal MT , the processor 201 of the host computer 
14 reads the encryption information 406 (here, value E) and the 
time (minute) data 405 (here, value T) from the received connection 
establishment request signal. The processor 201 calculates a 
Hash value H from the value E using the Hash function: H = £ (E) 
( step S601 ) . 

The processor 201 initializes the random number generator 
202 according to the Hash value H and then obtains a random number 
RN T from the random number generator 202 according to the value 
T of the time (minute) data 405 (step S602). Further, the ^ 
processor 201 converts the random number RN r to a number R T ranging 
from 0 to 255 by dividing the random number RN T by 256 to obtain 
the reminder R T thereof (step S603). 

Subsequently, the processor 201 reads encryption value E T 
from the location of the encryption table 203 which is addressed 
with the reminder R*. Finally, the processor 201 exclusive-ORs 
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the encryption value E and the encrypted data to reproduce the original set of the 
access code 407, the subscriber name information 408 and the authentication 
information 409. In this manner, the processor 201 produces the original connection 
establishment request signal. 

Since the data to be secret is encrypted and then transmitted from the mobile 
terminal MT to the host computer 14, the data security is maintained. 

Each feature disclosed in this specification (which term includes the claims) 
and/or shown in the drawings may be incorporated in the invention independently of 
other disclosed and/or illustrated features. 

The text of the abstract filed herewith is repeated below as part of the 
specification. 

In a network system including a wireless mobile communications system, when 
establishing a connection between a wireless mobile terminal and a host computer 
connected to a stationary network system, the wireless mobile terminal produces a 
connection establishment request signal including first information which is required 
to obtain services from the host computer and then transmits the connection 
establishment request signal to the host computer. The host computer verifies the first 
information included in the connection establishment request signal received from the 
wireless mobile terminal and transmits a response signal back to the wireless mobile 
terminal only when the first information has been verified. This causes the connection 
to be established between the wireless mobile terminal and the host computer. 



CLAIMS 



!. A method of establishing a connection between a 
wireless mobile terminal and a host computer in a wireless mobile 
communications system. comprising the steps of : 

at the wireless mobile terminal, 

a) producing a connection establishment request 
signal including first information which is required to obtain 
services from the host computer; and 

b) transmitting the connection establishment 

request signal to the host computer; 

at the host computer, 

c) receiving the connection establishment request 
signal from the wireless mobile terminal .- 

d) verifying the first information included in the 
connection establishment request signal received; and 

e) transmitting a response signal back to the 
wireless mobile terminal to establish the connection between the 
wireless mobile terminal and the host computer only when the first 
information has been verified. 

2. a method according to claim 1, wherein 

the step a) comprises the steps of: 

encrypting the first Information into encrypted data 
according to a predetermined encryption scheme; and 
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producing the connection establishment request 
signal which includes the encrypted data in place of the first 
information, and 

the step d) comprises the steps of: 

decrypting the encrypted data included in the 
connection establishment request signal received into the first 
information according to the predetermined encryption scheme; and 

verifying the first information. 

3. A method according to claim 2, wherein the first 
information is encrypted into different encrypted data each time 
the connection establishment request signal is transmitted. 

4. A method according to claim 1, wherein 

the connection establishment request signal further 
includes calling time data and encryption information, and 

the first information includes subscriber 
identification Information and authentication information. 

5. a method according to claim 4, wherein 
the step a) comprises the steps of: 

encrypting the first information into encrypted data 
based on the calling time data and the encryption information 
according to a predetermined encryption scheme; and 

producing the connection establishment request 
signal which includes the encrypted data in place of the first 
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the host computer- comprising: 

a transceiver connected to a switched network; and 
a host processor for verifying the first information 
included in the connection es tabllshment request signal received 
from the wireless mobile terminal and controlling the transceiver 
such that a response signal Is transmitted back to the wireless 
mobile terminal to establish the connection between the wireless 
mobile terminal and the host computer only when the first 
information has been verified. 

7 . A wireless mobile communications system according 
to. claim 6, wherein 

the wireless mobile terminal further comprises: 
a terminal processor for encrypting the first 
information into encrypted data according to a predetermined 
encryption scheme and producing the connection establishment 
request signal which includes the encrypted data in place of the 
first information, and 

the host computer* further comprising 
a host processor for decrypting the encrypted data 
included in the connection establishment request signal received 
into the first information according to the predetermined 
encryption scheme. 

8. A wireless mobile communications system according 
to claim 7 , wherein 
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encrypted data in place of the first information is transmitted 
to the host computer, wherein the connection is established 
between the wireless mobile terminal and the host computer when 
a response signal to the connection establishment request signal 
5 is received from the host computer. 



11. A host computer connected to a stationary switched 
network which is in turn connected to a wireless mobile 
communications system, comprising: 

a transceiver connected to the stationary switched 

10 network, the transceiver receiving a connection establishment 
request signal from a wireless mobile terminal, the connection 
establishment request signal including encrypted data which is 
obtained by encrypting first information according to a 
predetermined encryption scheme, the first information being 

15 required to obtain services from the host computer; and 

a processor for decrypting the encrypted data 
included in the connection establishment request signal received 
into the first information according to the predetermined 
encryption scheme, verifying the first information included in 

20 the connection establishment request signal, and controlling the 
transceiver such that a response signal is transmitted back to 
the wireless mobile terminal to establish the connection between 
the wireless mobile terminal and the host computer only when the 
first information has been verified. 
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15. A method according to claim 14, wherein 

the step b) comprises the steps of: 

generating a Hash value from the encryption 
information using a Hash function; 

initializing a random number generator depending on 
the Hash value; and 

generating the random number from the time 

information . 

16. A decryption method according to claim 14 or 15, 
wherein in the step e) , the first information is encrypted by 
Exclusive-ORing the encryption value and the first information. 

17. A method decrypting a part of a 
reception signal in a wireless mobile communications system, 

.comprising the steps of: 

a) receiving a reception signal including encrypted 
data to be decrypted, encryption information, and time information 
which indicates when the reception signal is transmitted at a 
transmitting side; 

b) generating a random number based on the encryption 
information and the time information; 

c) converting the random number to an encryption 
address value having a predetermined number of digits, - 

d) reading an encryption value from an encryption 
table depending on the encryption address value; and 
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